Message-ID: <CA+55aFxJAMhhnD6qZWCGjh+zaa-OOLQmP7=shi71vYxTw2CFnw@mail.gmail.com>
Date:	Mon, 20 Feb 2012 21:32:09 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Ian Kent <raven@...maw.net>, David Miller <davem@...emloft.net>,
	thomas@...3r.de, linux-kernel@...r.kernel.org
Subject: Re: Linux 3.3-rc4

On Mon, Feb 20, 2012 at 9:28 PM, H. Peter Anvin <hpa@...or.com> wrote:
>
> Holes are highly undesirable for another reason: they create security
> holes where kernel information leaks out.

.. however, this is not an argument for adding a *new* interface.

You are still stuck handling the old one, so adding a new interface
without holes doesn't help *anything*. It's just a bad idea.

So we're stuck with the interfaces we have. Don't say "let's fix the
problems by adding new ones". It doesn't work, it doesn't solve
anything, and all it results in is even *more* interfaces to maintain
and find bugs in.

It's also a major pain for testing, since different people will
invariably use different interfaces. So a person running an older
distro will see a bug that the maintainer cannot reproduce, because
the maintainer has in the meantime updated to all the new and
"improved" interfaces.

So "new and improved" is just bad. Fix the existing ones, instead of
saying "oops, that was a bad interface so let's make a new one".
Always.

                      Linus